feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' into ti

Browse Source
This commit is contained in:
toddouska
2014-05-20 14:33:14 -07:00
parent fc084e9978 15d3d3f790
commit e373b083bf
9 changed files with 275 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ctaocrypt/src/integer.c
View File

@@ -1854,15 +1854,15 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
} }
/* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/ /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times*/
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_RES; goto LBL_RES;
} }
for (x = 0; x < (winsize - 1); x++) { for (x = 0; x < (winsize - 1); x++) {
if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) { if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_RES; goto LBL_RES;
} }
if ((err = redux (&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) {
goto LBL_RES; goto LBL_RES;
} }
} }
@@ -3250,19 +3250,19 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
/* compute the value at M[1<<(winsize-1)] by squaring /* compute the value at M[1<<(winsize-1)] by squaring
* M[1] (winsize-1) times * M[1] (winsize-1) times
*/ */
if ((err = mp_copy (&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_MU; goto LBL_MU;
} }
for (x = 0; x < (winsize - 1); x++) { for (x = 0; x < (winsize - 1); x++) {
/* square it */ /* square it */
if ((err = mp_sqr (&M[1 << (winsize - 1)], if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
&M[1 << (winsize - 1)])) != MP_OKAY) { &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
goto LBL_MU; goto LBL_MU;
} }
/* reduce modulo P */ /* reduce modulo P */
if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, &mu)) != MP_OKAY) {
goto LBL_MU; goto LBL_MU;
} }
} }

8
ctaocrypt/test/test.c
View File

@@ -3772,7 +3772,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_md5()); EVP_DigestInit(&md_ctx, EVP_md5());
EVP_DigestUpdate(&md_ctx, a.input, a.inLen); EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
EVP_DigestFinal(&md_ctx, hash, 0); EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
@@ -3789,7 +3789,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha1()); EVP_DigestInit(&md_ctx, EVP_sha1());
EVP_DigestUpdate(&md_ctx, b.input, b.inLen); EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
EVP_DigestFinal(&md_ctx, hash, 0); EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0) if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
@@ -3806,7 +3806,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha256()); EVP_DigestInit(&md_ctx, EVP_sha256());
EVP_DigestUpdate(&md_ctx, d.input, d.inLen); EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
EVP_DigestFinal(&md_ctx, hash, 0); EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0) if (memcmp(hash, d.output, SHA256_DIGEST_SIZE) != 0)
@@ -3850,7 +3850,7 @@ int openssl_test(void)
EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_init(&md_ctx);
EVP_DigestInit(&md_ctx, EVP_sha512()); EVP_DigestInit(&md_ctx, EVP_sha512());
EVP_DigestUpdate(&md_ctx, f.input, f.inLen); EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
EVP_DigestFinal(&md_ctx, hash, 0); EVP_DigestFinal(&md_ctx, hash, 0);
if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0) if (memcmp(hash, f.output, SHA512_DIGEST_SIZE) != 0)

2
cyassl/ctaocrypt/aes.h
View File

@@ -41,6 +41,8 @@
#if defined (__GNUC__) #if defined (__GNUC__)
#define ALIGN16 __attribute__ ( (aligned (16))) #define ALIGN16 __attribute__ ( (aligned (16)))
#elif defined(_MSC_VER) #elif defined(_MSC_VER)
/* disable align warning, we want alignment ! */
#pragma warning(disable: 4324)
#define ALIGN16 __declspec (align (16)) #define ALIGN16 __declspec (align (16))
#else #else
#define ALIGN16 #define ALIGN16

19
cyassl/internal.h
View File

@@ -235,11 +235,20 @@ void c32to24(word32 in, word24 out);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
#endif
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
#define BUILD_TLS_PSK_WITH_AES_128_CCM_8 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
#define BUILD_TLS_PSK_WITH_AES_256_CCM_8 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
#endif #endif
#endif #endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
#ifdef HAVE_AESGCM
#define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
#endif
#endif
#endif #endif
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER) #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
@@ -258,6 +267,9 @@ void c32to24(word32 in, word24 out);
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_PSK_WITH_NULL_SHA256 #define BUILD_TLS_PSK_WITH_NULL_SHA256
#endif #endif
#ifdef CYASSL_SHA384
#define BUILD_TLS_PSK_WITH_NULL_SHA384
#endif
#endif #endif
#endif #endif
@@ -441,8 +453,10 @@ enum {
TLS_RSA_WITH_NULL_SHA = 0x02, TLS_RSA_WITH_NULL_SHA = 0x02,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d, TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c, TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA256 = 0xb0, TLS_PSK_WITH_NULL_SHA256 = 0xb0,
TLS_PSK_WITH_NULL_SHA384 = 0xb1,
TLS_PSK_WITH_NULL_SHA = 0x2c, TLS_PSK_WITH_NULL_SHA = 0x2c,
SSL_RSA_WITH_RC4_128_SHA = 0x05, SSL_RSA_WITH_RC4_128_SHA = 0x05,
SSL_RSA_WITH_RC4_128_MD5 = 0x04, SSL_RSA_WITH_RC4_128_MD5 = 0x04,
@@ -489,7 +503,7 @@ enum {
/* CyaSSL extension - NTRU */ /* CyaSSL extension - NTRU */
TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5, TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6, TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clases w/ official SHA-256 */ TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8, TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
/* SHA256 */ /* SHA256 */
@@ -504,6 +518,8 @@ enum {
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
/* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
@@ -528,6 +544,7 @@ enum {
TLS_PSK_WITH_AES_128_CCM_8 = 0xa8, TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
TLS_PSK_WITH_AES_256_CCM_8 = 0xa9, TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
/* Camellia */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,

64
src/internal.c
View File

@@ -1026,6 +1026,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
if (tls1_2 && havePSK) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
if (tls && havePSK) { if (tls && havePSK) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@@ -1033,6 +1040,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
if (tls && havePSK) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
if (tls1_2 && havePSK) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
if (tls && havePSK) { if (tls && havePSK) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@@ -1061,6 +1082,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK,
} }
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
if (tls && havePSK) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
if (tls && havePSK) { if (tls && havePSK) {
suites->suites[idx++] = 0; suites->suites[idx++] = 0;
@@ -6544,6 +6572,18 @@ static const char* const cipher_names[] =
"DHE-RSA-AES256-SHA", "DHE-RSA-AES256-SHA",
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
"PSK-AES256-GCM-SHA384",
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
"PSK-AES128-GCM-SHA256",
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
"PSK-AES256-CBC-SHA384",
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
"PSK-AES128-CBC-SHA256", "PSK-AES128-CBC-SHA256",
#endif #endif
@@ -6564,6 +6604,10 @@ static const char* const cipher_names[] =
"PSK-AES256-CCM-8", "PSK-AES256-CCM-8",
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
"PSK-NULL-SHA384",
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
"PSK-NULL-SHA256", "PSK-NULL-SHA256",
#endif #endif
@@ -6864,6 +6908,18 @@ static int cipher_name_idx[] =
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_256_GCM_SHA384,
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_128_GCM_SHA256,
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_256_CBC_SHA384,
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_128_CBC_SHA256,
#endif #endif
@@ -6884,6 +6940,10 @@ static int cipher_name_idx[] =
TLS_PSK_WITH_AES_256_CCM_8, TLS_PSK_WITH_AES_256_CCM_8,
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
TLS_PSK_WITH_NULL_SHA384,
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA256,
#endif #endif
@@ -9932,9 +9992,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
break; break;
#endif #endif
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
case TLS_PSK_WITH_AES_128_CBC_SHA256 : case TLS_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
case TLS_PSK_WITH_AES_256_CBC_SHA : case TLS_PSK_WITH_AES_256_CBC_SHA :
case TLS_PSK_WITH_NULL_SHA384 :
case TLS_PSK_WITH_NULL_SHA256 : case TLS_PSK_WITH_NULL_SHA256 :
case TLS_PSK_WITH_NULL_SHA : case TLS_PSK_WITH_NULL_SHA :
if (requirement == REQUIRES_PSK) if (requirement == REQUIRES_PSK)

74
src/keys.c
View File

@@ -937,6 +937,44 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes_gcm;
ssl->specs.cipher_type = aead;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AEAD_IMP_IV_SZ;
ssl->specs.aead_mac_size = AES_GCM_AUTH_SZ;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
case TLS_PSK_WITH_AES_128_CBC_SHA256 : case TLS_PSK_WITH_AES_128_CBC_SHA256 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -955,6 +993,24 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_aes;
ssl->specs.cipher_type = block;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE;
ssl->specs.iv_size = AES_IV_SIZE;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_aes; ssl->specs.bulk_cipher_algorithm = cyassl_aes;
@@ -1009,6 +1065,24 @@ int SetCipherSpecs(CYASSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
case TLS_PSK_WITH_NULL_SHA384 :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha384_mac;
ssl->specs.kea = psk_kea;
ssl->specs.sig_algo = anonymous_sa_algo;
ssl->specs.hash_size = SHA384_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
ssl->options.usingPSK_cipher = 1;
break;
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
case TLS_PSK_WITH_NULL_SHA : case TLS_PSK_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null; ssl->specs.bulk_cipher_algorithm = cyassl_cipher_null;

39
src/ssl.c
View File

@@ -8301,10 +8301,14 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
CYASSL_ENTER("SSL_CIPHER_get_name"); CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS #ifndef NO_ERROR_STRINGS
if (cipher) { if (cipher) {
#ifdef HAVE_ECC #if defined(HAVE_ECC) || defined(HAVE_AESCCM)
/* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
* but the AES-CCM cipher suites also use it, even the ones that
* aren't ECC. */
if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) { if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
/* ECC suites */ /* ECC suites */
switch (cipher->ssl->options.cipherSuite) { switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA #ifndef NO_RSA
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
@@ -8407,6 +8411,7 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif #endif
#endif /* HAVE_ECC */
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
#ifndef NO_RSA #ifndef NO_RSA
@@ -8415,10 +8420,18 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
case TLS_RSA_WITH_AES_256_CCM_8 : case TLS_RSA_WITH_AES_256_CCM_8 :
return "TLS_RSA_WITH_AES_256_CCM_8"; return "TLS_RSA_WITH_AES_256_CCM_8";
#endif #endif
#ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CCM_8 :
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
#ifdef HAVE_ECC
case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif
#endif #endif
default: default:
@@ -8468,8 +8481,6 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_RSA_WITH_NULL_SHA256"; return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifndef NO_PSK #ifndef NO_PSK
case TLS_PSK_WITH_AES_128_CBC_SHA256 :
return "TLS_PSK_WITH_AES_128_CBC_SHA256";
#ifndef NO_SHA #ifndef NO_SHA
case TLS_PSK_WITH_AES_128_CBC_SHA : case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA"; return "TLS_PSK_WITH_AES_128_CBC_SHA";
@@ -8477,14 +8488,24 @@ CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
return "TLS_PSK_WITH_AES_256_CBC_SHA"; return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
#ifdef HAVE_AESCCM case TLS_PSK_WITH_AES_128_CBC_SHA256 :
case TLS_PSK_WITH_AES_128_CCM_8 : return "TLS_PSK_WITH_AES_128_CBC_SHA256";
return "TLS_PSK_WITH_AES_128_CCM_8";
case TLS_PSK_WITH_AES_256_CCM_8 :
return "TLS_PSK_WITH_AES_256_CCM_8";
#endif
case TLS_PSK_WITH_NULL_SHA256 : case TLS_PSK_WITH_NULL_SHA256 :
return "TLS_PSK_WITH_NULL_SHA256"; return "TLS_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_128_GCM_SHA256 :
return "TLS_PSK_WITH_AES_128_GCM_SHA256";
#endif
#endif
#ifdef CYASSL_SHA384
case TLS_PSK_WITH_AES_256_CBC_SHA384 :
return "TLS_PSK_WITH_AES_256_CBC_SHA384";
case TLS_PSK_WITH_NULL_SHA384 :
return "TLS_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
case TLS_PSK_WITH_AES_256_GCM_SHA384 :
return "TLS_PSK_WITH_AES_256_GCM_SHA384";
#endif
#endif #endif
#ifndef NO_SHA #ifndef NO_SHA
case TLS_PSK_WITH_NULL_SHA : case TLS_PSK_WITH_NULL_SHA :

36
tests/test-dtls.conf
View File

@@ -658,6 +658,18 @@
-v 3 -v 3
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
# server DTLSv1.2 PSK-AES256-SHA384
-s
-u
-v 3
-l PSK-AES256-CBC-SHA384
# client DTLSv1.2 PSK-AES256-SHA384
-s
-u
-v 3
-l PSK-AES256-CBC-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u -u
-v 3 -v 3
@@ -754,6 +766,30 @@
-v 3 -v 3
-l ECDH-RSA-AES256-GCM-SHA384 -l ECDH-RSA-AES256-GCM-SHA384
# server DTLSv1.2 PSK-AES128-GCM-SHA256
-u
-s
-v 3
-l PSK-AES128-GCM-SHA256
# client DTLSv1.2 PSK-AES128-GCM-SHA256
-u
-s
-v 3
-l PSK-AES128-GCM-SHA256
# server DTLSv1.2 PSK-AES256-GCM-SHA384
-u
-s
-v 3
-l PSK-AES256-GCM-SHA384
# client DTLSv1.2 PSK-AES256-GCM-SHA384
-u
-s
-v 3
-l PSK-AES256-GCM-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8
-u -u
-v 3 -v 3

40
tests/test.conf
View File

@@ -1192,6 +1192,16 @@
-v 3 -v 3
-l PSK-AES128-CBC-SHA256 -l PSK-AES128-CBC-SHA256
# server TLSv1.2 PSK-AES256-SHA384
-s
-v 3
-l PSK-AES256-CBC-SHA384
# client TLSv1.2 PSK-AES256-SHA384
-s
-v 3
-l PSK-AES256-CBC-SHA384
# server TLSv1.0 PSK-NULL # server TLSv1.0 PSK-NULL
-s -s
-v 1 -v 1
@@ -1232,6 +1242,16 @@
-v 3 -v 3
-l PSK-NULL-SHA256 -l PSK-NULL-SHA256
# server TLSv1.2 PSK-NULL-SHA384
-s
-v 3
-l PSK-NULL-SHA384
# client TLSv1.2 PSK-NULL-SHA384
-s
-v 3
-l PSK-NULL-SHA384
# server TLSv1.2 PSK-NULL # server TLSv1.2 PSK-NULL
-s -s
-v 3 -v 3
@@ -1604,6 +1624,26 @@
-v 3 -v 3
-l DHE-RSA-AES256-GCM-SHA384 -l DHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 PSK-AES128-GCM-SHA256
-s
-v 3
-l PSK-AES128-GCM-SHA256
# client TLSv1.2 PSK-AES128-GCM-SHA256
-s
-v 3
-l PSK-AES128-GCM-SHA256
# server TLSv1.2 PSK-AES256-GCM-SHA384
-s
-v 3
-l PSK-AES256-GCM-SHA384
# client TLSv1.2 PSK-AES256-GCM-SHA384
-s
-v 3
-l PSK-AES256-GCM-SHA384
# server TLSv1.2 AES128-CCM-8 # server TLSv1.2 AES128-CCM-8
-v 3 -v 3
-l AES128-CCM-8 -l AES128-CCM-8